Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iyz3wKVPzhf9WfS8gw_6ejNGwIg.roa
File:                     Iyz3wKVPzhf9WfS8gw_6ejNGwIg.roa (raw, json)
Hash identifier:          jgIHZs/Xp9czP+6YQfNl0Nj5zpS4K8/54e/8DeJnbUg=
Subject key identifier:   23:2C:F7:C0:A5:4F:CE:17:FD:59:F4:BC:83:0F:FA:7A:33:46:C0:88
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E74E149A24E055E04D3FB8E687B4174B2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iyz3wKVPzhf9WfS8gw_6ejNGwIg.roa
Signing time:             Mon 25 Mar 2024 09:11:45 +0000
ROA not before:           Mon 25 Mar 2024 09:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        89.213.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:19:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:e1:49:a2:4e:05:5e:04:d3:fb:8e:68:7b:41:74:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 09:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=232cf7c0a54fce17fd59f4bc830ffa7a3346c088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:51:2f:9a:0c:8d:81:b5:95:c2:26:33:84:15:
                    f4:37:3c:91:1b:f4:ee:09:17:65:9e:73:b0:54:b4:
                    92:6f:63:96:c9:9a:4e:6d:87:67:ba:b8:25:52:60:
                    a1:df:3a:02:9d:1c:73:09:22:6e:f5:61:86:1c:79:
                    f2:14:1b:55:ca:15:eb:f9:5a:af:fd:b8:5e:e5:60:
                    2b:3c:66:ee:6a:59:53:ab:2b:90:ed:65:5b:93:cc:
                    06:03:ce:57:04:92:b7:e7:86:20:8f:66:23:37:6d:
                    c5:2f:c3:e2:e0:f4:68:8c:61:e7:58:43:a3:14:fe:
                    10:5f:5d:23:49:ce:bf:16:e8:c1:4a:b6:8f:6c:b2:
                    80:9f:86:d9:50:fb:af:31:98:da:50:50:3d:12:a9:
                    5e:0c:f0:f1:b4:62:98:af:2d:9f:13:ce:83:90:90:
                    52:23:3d:3b:3b:4f:27:68:be:cf:ff:7c:c1:58:99:
                    96:de:10:18:7b:ff:0e:1c:13:68:91:fc:db:67:7d:
                    18:12:5a:ce:6d:9a:f0:5c:d8:3b:4d:d1:76:df:49:
                    cc:72:5a:2a:f8:73:a1:c8:29:98:ac:14:d2:b0:63:
                    ad:23:ab:e0:af:e0:09:d9:ed:07:67:92:34:7f:44:
                    20:9b:5f:f4:08:c6:91:aa:d2:5c:12:3f:67:ae:03:
                    54:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2C:F7:C0:A5:4F:CE:17:FD:59:F4:BC:83:0F:FA:7A:33:46:C0:88
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Iyz3wKVPzhf9WfS8gw_6ejNGwIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:7a:9d:68:6e:1c:ac:eb:4a:1c:3c:85:9d:de:e0:e0:8f:e5:
         c8:56:bf:25:44:cd:f0:86:17:37:c2:1e:83:6f:d5:ea:a0:e5:
         ba:f7:ac:67:c9:73:92:06:de:47:b8:54:27:72:f4:11:3b:56:
         66:c5:21:eb:9f:7c:33:68:3c:fd:af:04:72:4f:53:c7:41:5c:
         5c:48:6b:9c:7c:62:34:ab:11:0b:53:87:3f:f4:fc:96:b4:0e:
         f6:5b:34:2f:49:1d:ab:b4:a7:df:97:c9:a3:9b:ab:f7:62:26:
         70:cd:53:de:f3:3e:79:24:32:d4:2f:f4:64:5b:c0:c0:3e:0a:
         6c:3e:b8:ed:54:bc:83:65:47:91:86:05:e9:68:be:41:15:78:
         d2:45:c4:3d:95:f7:23:97:72:62:1b:63:9b:73:2f:08:e3:3b:
         8b:d6:34:b7:d5:48:64:23:32:1b:81:9e:66:03:9a:9e:f2:ad:
         b6:6b:c5:f2:e4:34:b9:9d:58:84:7b:28:78:b9:19:50:13:79:
         30:b0:5e:38:58:ff:94:b7:e5:5d:83:41:f7:6f:74:ab:27:e3:
         c0:59:50:8e:eb:9d:89:86:67:31:19:c1:06:c8:81:bf:33:5b:
         34:ae:c7:e8:1c:aa:e1:ed:dc:8a:d3:92:72:17:43:41:ed:2e:
         49:fa:26:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY504UmiTgVeBNP7jmh7QXSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MDkxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJjZjdjMGE1NGZjZTE3ZmQ1OWY0YmM4MzBmZmE3YTMzNDZjMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplEvmgyNgbWVwiYzhBX0NzyRG/Tu
CRdlnnOwVLSSb2OWyZpObYdnurglUmCh3zoCnRxzCSJu9WGGHHnyFBtVyhXr+Vqv
/bhe5WArPGbuallTqyuQ7WVbk8wGA85XBJK354Ygj2YjN23FL8Pi4PRojGHnWEOj
FP4QX10jSc6/FujBSraPbLKAn4bZUPuvMZjaUFA9EqleDPDxtGKYry2fE86DkJBS
Iz07O08naL7P/3zBWJmW3hAYe/8OHBNokfzbZ30YElrObZrwXNg7TdF230nMcloq
+HOhyCmYrBTSsGOtI6vgr+AJ2e0HZ5I0f0Qgm1/0CMaRqtJcEj9nrgNUMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMs98ClT84X/Vn0vIMP+nozRsCIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSXl6M3dLVlB6aGY5V2ZTOGd3XzZlak5Hd0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdV4MA0G
CSqGSIb3DQEBCwUAA4IBAQAaep1obhys60ocPIWd3uDgj+XIVr8lRM3whhc3wh6D
b9XqoOW696xnyXOSBt5HuFQncvQRO1ZmxSHrn3wzaDz9rwRyT1PHQVxcSGucfGI0
qxELU4c/9PyWtA72WzQvSR2rtKffl8mjm6v3YiZwzVPe8z55JDLUL/RkW8DAPgps
PrjtVLyDZUeRhgXpaL5BFXjSRcQ9lfcjl3JiG2Obcy8I4zuL1jS31UhkIzIbgZ5m
A5qe8q22a8Xy5DS5nViEeyh4uRlQE3kwsF44WP+Ut+Vdg0H3b3SrJ+PAWVCO652J
hmcxGcEGyIG/M1s0rsfoHKrh7dyK05JyF0NB7S5J+ib+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org